Bitlocker and Linux

Stephen Partington cryptworks at gmail.com
Mon Oct 17 21:34:52 MST 2016 

When i did this. just to boot, Linux of windows I had to unlock bitlocker.
Its on my list of projects to try this again. i jsut ned to get a machine
together to run the experiment.

On Mon, Oct 17, 2016 at 8:23 PM, Brien Dieterle <briend at gmail.com> wrote:

> I don't see anything there about centrally managed full disk encryption
> for Linux with bitlocker.  There are products out there but no way a shop
> is going to invest in multiplatform solution just for one person.  I would
> look at doing native Linux encryption (whatever the distro offers during
> installation) and turn the key over to IT.  That might satisfy the
> insurance requirement without having a managed solution for Linux.
>
> On Oct 17, 2016 7:50 PM, "Stephen Partington" <cryptworks at gmail.com>
> wrote:
>
>> Incorrect, I have done this with Ubuntu. It requires you to turn over the
>> initial boot records to windows and use an application like EasyBCD to
>> manage them. but it provides full bitlocker compatibility with Linux.
>>
>> See method 3 from this post for a baseline. http://social.techne
>> t.microsoft.com/wiki/contents/articles/9528.how-to-multiboot
>> -with-bitlocker-tpm-and-a-non-windows-os.aspx
>>
>> I have done this with windows 7, Have not tried it with windows 10.
>>
>> On Mon, Oct 17, 2016 at 4:41 PM, Nathan England <nathan at nmecs.com> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>>
>>> I asked my IT department a question today and may have opened pandora's
>>> box.
>>>
>>> I've been allowed to run Fedora on my company laptop for a couple of
>>> years now. I am using a personal hard drive for Fedora that way if I
>>> needed to I could put the original Windows drive back in and access what
>>> ever I needed.
>>>
>>> I haven't used my Windows drive in over a year now and it's causing some
>>> issues with corporate AD and the anti-virus. So I requested installing
>>> windows in a VirtualBox and having corporate IT join it to the domain,
>>> install av, office suite, and the other stuff I may need but likely
>>> never will use, and then I can easily boot it once a week to keep my av
>>> up to date.
>>>
>>> The response was that our insurance requires the use of Bitlocker.
>>> Full stop...
>>>
>>> Their potential solution is to partition the drive to have Windows and
>>> Linux but both be encrypted with Bitlocker so they could access the
>>> drive contents should I ever leave or die or what ever...
>>>
>>> I realize encrypting the linux partition with bitlocker is not likely
>>> ever going to happen (right?) but are there corporate linux systems that
>>> allow IT access to encrypted volumes like Bitlocker and AD?
>>>
>>> I feel dirty even asking this. Doesn't this defeat the entire purpose of
>>> encryption to begin with? ugh... I guess it makes sense, but it sounds
>>> like inferior by design.
>>>
>>>
>>> - --
>>> ~~~~~~~~~~~~~~~~~~~~~~~~
>>> Nathan England
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1
>>>
>>> iQEcBAEBAgAGBQJYBWGMAAoJEOuk7+DwYjzgSIYH/3EtMISD68n5d88CX6XDctYT
>>> TcJLb00AVw5TvlK/+aLaMCu6EmkaZlDW+1KMk5pYvxV7MMhdPxKq1+tYbFh17JFG
>>> G7DWeXUvEC+tGUmy2fvhBGAyaBC5XWNiXkbmWq+g8D6yKzG90P9rjVn3bL7Yw8P3
>>> 8c/CyrncOF50yZieSedDgNPtfb2QWnPmaE0O43CcqTFihAN+5JSViV40YacCMTgS
>>> 0raKYspau6hbB9lnWg2ScQx0zIvFJvpIE0xwIYPkBDYGtitHm3YoTaFmv3KFsrV6
>>> OV/X/EOdurtWdsTwxjM2b6qI7ng0P4/xuSdedoK4jH86AnaKZGTy4Ox4OOidCvU=
>>> =HOWo
>>> -----END PGP SIGNATURE-----
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> A mouse trap, placed on top of your alarm clock, will prevent you from
>> rolling over and going back to sleep after you hit the snooze button.
>>
>> Stephen
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20161017/93947010/attachment.html>

More information about the PLUG-discuss mailing list